The Guardol Language and Verification System

Abstract: Guardol is a domain-specific language designed to facilitate the construction of correct network guards operating over treeshaped data. The Guardol system generates Ada code from Guardol programs and also provides specification and automated verification support. Guard programs and specifications are translated to higher order logic, then deductively transformed to a form suitable for a SMT-style decision procedure for recursive functions over tree-structured data. The result is that difficult properties of Gu… Show more

“…RADA has been successfully integrated into the Guardol system [5], replacing our implementation of the Suter-DottaKuncak decision procedure [15] on top of OpenSMT [3] in Guardol. We have experimented RADA with a collection of 42 benchmark guard examples listed in Table 1.…”

“…The second group consists of ten manually created benchmarks involving parameterized associative-commutative catamorphisms [14]; some of them represent important higher-order functions such as forall, exists, and member. All benchmarks in the last part were automatically generated from Guardol [5] and are highly complicated; for example, the Email Guard benchmark has 8 mutually recursive data types, 6 catamorphisms, and 17 complex obligations. Benchmarks with * in Table 1 contain multiple catamorphisms. RADA was designed to be solver-independent, portable, and compilable on all major platforms.…”

“…RADA was designed to be host-language and solver-independent and it can use either CVC4 or Z3 as its underlying SMT solver. RADA has also been tested on all major platforms and has successfully been integrated into the Guardol system [5]. Experiments show that our tool is reliable, fast, and works seamlessly across multiple platforms, including Windows, Unix, and Mac OS.…”

“…Applications include reasoning about data structure algorithms and guard (firewall) applications that allow/disallow XML messages to pass between networks (as is performed in the Guardol [5] system). To help address the challenge, powerful SMT solvers such as CVC4 [1] and Z3 [4] have also natively supported inductive data types written in SMT format, allowing end-users to experiment with interesting problems involving recursive data structures.…”

RADA: a tool for reasoning about algebraic data types with abstractions

“…RADA has been successfully integrated into the Guardol system [5], replacing our implementation of the Suter-DottaKuncak decision procedure [15] on top of OpenSMT [3] in Guardol. We have experimented RADA with a collection of 42 benchmark guard examples listed in Table 1.…”

“…The second group consists of ten manually created benchmarks involving parameterized associative-commutative catamorphisms [14]; some of them represent important higher-order functions such as forall, exists, and member. All benchmarks in the last part were automatically generated from Guardol [5] and are highly complicated; for example, the Email Guard benchmark has 8 mutually recursive data types, 6 catamorphisms, and 17 complex obligations. Benchmarks with * in Table 1 contain multiple catamorphisms. RADA was designed to be solver-independent, portable, and compilable on all major platforms.…”

“…RADA was designed to be host-language and solver-independent and it can use either CVC4 or Z3 as its underlying SMT solver. RADA has also been tested on all major platforms and has successfully been integrated into the Guardol system [5]. Experiments show that our tool is reliable, fast, and works seamlessly across multiple platforms, including Windows, Unix, and Mac OS.…”

“…Applications include reasoning about data structure algorithms and guard (firewall) applications that allow/disallow XML messages to pass between networks (as is performed in the Guardol [5] system). To help address the challenge, powerful SMT solvers such as CVC4 [1] and Z3 [4] have also natively supported inductive data types written in SMT format, allowing end-users to experiment with interesting problems involving recursive data structures.…”

RADA: a tool for reasoning about algebraic data types with abstractions

“…In this paper we instead establish a connection between HOL and a high-level language (which has a verified runtime). Work by Hardin et al [2] on decompiling Guardol programs has similar goals.…”

Functional Programs: Conversions between Deep and Shallow Embeddings

A High-Assurance, High-Performance Hardware-Based Cross-Domain System